Flo Health - Cloud Security Engineer

London1w ago

In Office Senior EMEA Cloud Computing Software Security Engineer Cloud Engineer Terraform Team Leadership Kubernetes Python Bash

Upload My Resume

Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT

Apply in One Click

Requirements

• Experience: 7+ years in Infrastructure Security, Cloud Security, or Security Engineering roles. • Cloud Native Mastery: Deep expertise in AWS security services and best practices is essential. • Cloud Native Mastery: • Infrastructure as Code: Proficient in Terraform and Terragrunt — you run everything as code. • Infrastructure as Code: • Container Security: Strong knowledge of Kubernetes security, image hardening, and admission control. • Container Security: • Identity & Access: Solid understanding of identity management principles — SSO, OAuth, JWT, SAML. • Identity & Access: • Automation Mindset: Comfortable scripting in Python, Bash, or similar to automate security workflows. • Automation Mindset: • Network Security: Understanding of modern network security principles and their practical application. • Network Security: • SSDLC: Experience building Secure Software Development Lifecycle phases into engineering workflows. • SSDLC: • Experience with security monitoring and event correlation systems (IDS/IPS, SIEM, AWS-native tooling). • Knowledge of Zero Trust Architecture and its implementations (e.g., Cloudflare). • Familiarity with secret management processes and tools. • Experience in multi-cloud environments (AWS and preferably GCP). • Understanding of business continuity principles (BIA, DRP). • Professional accreditations such as AWS Security Specialty, CKS, or CISSP.

Responsibilities

• The Scale of the Challenge • At Flo we don't just have users, we have a global community. We are the #1 women's health app, in the last month alone, we saw 8.6M new installs and a 2.8M increase in active users. • When millions of people trust you with their most personal health data, security isn't a feature — it's a foundation. We are looking for a Cloud Security Engineer to join Velocity, our Internal Platform team. Your mission is to ensure that every system, pipeline, and tool our engineers rely on is secure by default — so they can ship fast without ever compromising trust. • Cloud Security Engineer • Velocity • The Mission: Velocity • The Velocity team exists to eliminate friction. We build and own the foundation everything else runs on: cloud infrastructure, developer tooling, and SRE practices. You will: • Embed Security Into the Platform: Bake security, compliance, and best practices into the core stack so they're invisible to developers and impossible to skip. • Embed Security Into the Platform: • Automate Everything: Drive security-as-code across infrastructure, CI/CD pipelines, and container lifecycles — making manual gates a thing of the past. • Automate Everything: • Cloud Security Posture: Own and continuously strengthen Flo's AWS security posture using tools like GuardDuty, Inspector, Security Hub, and SSM Patch Manager. • Cloud Security Posture: • Container & Supply Chain Security: Harden container image security end-to-end — patch vulnerabilities automatically with Copacetic, sign and verify images with Cosign/Sigstore, and enforce policies at admission with Kyverno. • Container & Supply Chain Security: • Policy as Code: Manage CI/CD security across the organisation using policy-as-code tooling (Kyverno, Checkov), ensuring standards are enforced programmatically. • Policy as Code: • Security Observability: Build visibility into security performance by measuring and visualising actionable metrics using tools like Databricks Dashboards or Looker. • Security Observability: • High-Scale Privacy: Support the infrastructure for industry-leading privacy features, such as our TIME-recognised "Anonymous Mode." • High-Scale Privacy: • Culture & Thought Leadership: Shape Flo's broader security culture through proactive engagement, documentation, and cross-team collaboration. • Culture & Thought Leadership:

Benefits

• High Impact: Your work directly protects the health data of millions - Flo is rewriting women's health, and you'll make sure it's done securely. • High Impact: • Autonomy: We hire experts and empower you to deliver. • Autonomy: • Cutting-Edge Stack: Work with modern security tooling (GuardDuty, Kyverno, Cosign, Elastic Cloud Security) deployed on real production infrastructure at massive scale. • Cutting-Edge Stack: • How we work • We’re a mission-led, product-driven team. We move fast, stay focused and take ownership – from brief to build to impact. Debate is encouraged. Decisions are shared. We care about craft, ship with purpose, and always raise the bar. • You’ll be working with people who take their work seriously, not themselves. It takes commitment, resilience, and the drive to keep going when things get tough. Because better health outcomes are worth it. • What you'll get • What you'll get • We support impact with meaningful reward. Here’s what that looks like: • Competitive salary and annual reviews • Opportunity to participate in Flo’s performance incentive scheme • Paid holiday, sick leave, and female health leave • Enhanced parental leave and pay for maternity, paternity, same-sex and adoptive parents • Accelerated professional growth through world-changing work and learning support • In-person collaboration and work in a hybrid model, with 3 days per week spent in the office • 5-week fully paid sabbatical at 5-year Floversary • Flo Premium for friends & family, plus more health, pension and wellbeing perks • Diversity, equity and inclusion